Skills
skills/kw12121212/auto-spec-driven/spec-driven-verify/Gen Agent Trust Hub

spec-driven-verify

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script located at {{SKILL_DIR}}/scripts/spec-driven.js with several subcommands (modify, verify, apply) to perform its core verification logic.
  • [PROMPT_INJECTION]: The skill processes external, user-provided data from the project's .spec-driven directory, which presents an indirect prompt injection surface.
  • Ingestion points: Reads content from questions.md, proposal.md, and various specification files in the .spec-driven directory.
  • Boundary markers: No explicit delimiters or protective instructions are used to distinguish user-provided file content from the skill's own instructions.
  • Capability inventory: The skill possesses file read access and the ability to execute shell commands and Node.js scripts.
  • Sanitization: There is no evidence of content validation or sanitization before the agent processes the information from the external files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 01:18 PM